Teenage Apple Hacker Avoids Prison Time

An Australian teen charged with hacking Apple had a hard drive with a folder titled "Hacky Hack Hack Methods."

An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company managed to expel him has been sentenced to eight months of probation, according to news reports.

The man was charged with unauthorized modification and possession of data, a spokesman for the Australian Federal Police tells Information Security Media Group. During a hearing Thursday, a magistrate said the first charge carried a maximum sentence of 10 years, and the second one, two years, Bloomberg reports.

At the hearing, the magistrate said: "Your offending is serious. It was sustained, sophisticated and a successful attack on the security of a major multinational corporation," Bloomberg reports.

The Age reports that the man's father wiped away tears after the probation order was read.

The 19-year-old man has been accepted into a university and plans to study criminal justice and cyber safety, according to news reports.

Apple tells ISMG that personal data was not compromised in the intrusions.

"At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats," the company says in a statement. "In this case, our teams discovered the unauthorized access, contained it, and reported the incident to law enforcement."

How Hacker Bit Apple

Apple is likely one of the most well-defended companies in the world, but no company is impervious to all attackers. Furthermore, Apple is likely one of the most targeted organizations because of its ubiquitous iPhone and other products.

In the case of the Australian teen hacker, the court heard that his first intrusion campaign ran from June 2015 to November 2016. The magistrate said at the man's sentencing that he "exploited a virtual private network used by authorized people to connect remotely into Apple's internal systems," Bloomberg reports.

After police raided the teen's home, they recovered two Apple laptops and a hard drive that contained a folder labeled "Hacky Hack Hack Methods Exclude." The folder contained "12 files on methods to infiltrate or bypass Apple's security," Bloomberg reports.

The hacker was able to launch a shell on Apple's systems, which enabled him to quickly remove data, including copies of internal security policies and authentication keys, Bloomberg reports. All told, the stolen data amounted to 1 terabyte.

Apple identified and shut down the attack in November 2016. But the man - as well as a second person who has not been named in court, but who also appears to have been a teenager - regained access last year.

The Age reported on Aug. 16 that in WhatsApp chats, the teen Apple hacker from Melbourne had bragged about gaining access. A lawyer for the defendant told the court that day that his client had become renowned in the international hacking community.

Police Pursue Second Suspect

The 19-year-old defendant cooperated with investigators and showed remorse to the court for his actions, the magistrate said, according to Bloomberg.

Australian police continue to investigate the Apple intrusions. A brief of evidence related to a second teenager has been sent to the Office of the Commonwealth Director of Public Prosecutions, the Australian Federal Police spokesman says.

About the Author

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.